Snake Oil 2.0 – why more data is bad
Why more data is bad Remember the old joke regarding college degrees? BS = Bull Shit, MS = More Shit, PhD = Piled Higher and Deeper and HBS = Half Baked Shit. In Western society, we are schooled to believe that more and faster is better – even though we can see that big data […]
Why big data for healthcare is dangerous and wrong
The McKinsey Global Institute recently published a report entitled – Big data: The next frontier for innovation, competition, and productivity. The McKinsey Global Institute report on big data is no more than a lengthy essay in fallacies, inflated hyperbole and faulty assumptions, lacking evidence for its claims and ignoring the two most important stakeholders of […]
Five things a healthcare CIO can do to improve security
A metaphor I like to use with clients compares security vulnerabilities with seismic fault lines. As long as the earth doesn’t move – you’re safe, but once things start moving sideways – you can drop into a big hole. Most security vulnerabilities reside in the cracks of systems and organizational integration and during an M&A, those […]
How to secure patient data in a healthcare organization
If you are a HIPAA-covered entity, or a business associate vendor to a HIPAA-covered entity, the question of HIPAA – that is, the question of securing patient data – is central to your business. If you are a big organization, you probably don’t need my advice – since you have a lot of money to spend […]
Encryption, a buzzword, not a silver bullet
Encryption is a buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and inter-tier socket communications. In these 4 components of an application / database server encryption policy, note that some countermeasures are […]
Are passwords dead?
A recent article on CSO online ponders the question of whether or not passwords are dead – since they are not much of a security countermeasure anyhow (or so the article intimates). The article quotes a person who seems to believe that SQL injection attacks have to do with password security. Christopher Frenz, CTO at […]
Data Classification and Controls Policy for PCI DSS
Do you run an e-commerce site? Are you sure you do not store any payment card data or PII (personally identifiable information) in some MySQL database? The first step in protecting credit card and customer data is to know what sensitive data you really store, classify what you have and set up the appropriate security […]
Good customer service is key to good customer security
My friend Nissan Ratzlav-Katz started blogging about customer service in Israel and how tolerant many of us have become to sub-standard and even really crappy customer service. An objection I’ve heard frequently to Google Apps is that they don’t give customer service – although I would argue that great products delivered that work on a global scale […]
The valley of death between IT and information security
IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks on your organization. In order to bridge the chasm – IT and security need to adopt a common goal and a common language – a language of customer-centric threat modelling. Typically, when a company (business unit, department or […]
The root cause of credit card data breaches in Israel
In my previous post – “The Israeli credit card breach” – I noted that there are 5 fundamental reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security.” After reading the excellent article by Sarah Leibowitz-Dar in the Maariv […]